A UK view on Cyber, Information & IT Security by Security Expert Dave Whitelegg. Providing advice and explaining security for everyone, and also contemplating advanced themes and future trends in security.
With a focus on all the latest developments & issues within the UK Information Security space such as Hacking, DDoS, Botnets, Malware, Identity Theft, Data Protection (DPA) and regulatory compliance like PCI DSS & ISO27001:2013, all will be explained in an easy to understand way.

Sunday, 16 March 2014

Was Flight MH370 Cyber Hijacked?

The disappearance of Flight MH370 is turning into one of the biggest mysteries of the age. The evidence is sketchy, everyone seems to have their theory, and the media are running riot with endless speculation. As a security professional I can’t help but wonder whether there was a cyber element to the incident, especially given the high amount of technology used in modern fly-by-wire jet planes like the Boeing 777-200ER.

Was Flight MH370 Cyber Jacked?

I have managed and consulted on many cyber security incidents over the years, but the following will be my own conjecture. Usually, when I deal with cyber incidents, my golden rule is to only deal with the facts and the evidence, and save any speculation for the Sherlock Holmes fan club. But with this incident I am allowing myself the luxury of exploring potential cyber attack possibilities with the MH370 flight disappearance, as over the week quite a few people have asked me whether the flight could have been hacked. The ‘cyber jacking’ speculation will only grow after the headlines in today's Sunday newspapers.

So let's start with the facts. We now know flight MH370’s transponder and the Aircraft Communications Addressing and Reporting System (Acars) were both disabled while the aircraft was over the South China Sea, and after this the Boeing 777 changed direction, heading west.

Could the transponder and Acars have been disabled by a cyber attack?

It may well be possible to jam a transponder and Acars from within the aircraft cabin, preventing such devices from broadcasting by using fairly basic equipment to swamp these devices' receiving and broadcasting frequencies with noise, a denial of service attack if you will. But I think such an attack could also interfere with other aircraft systems and jeopardise the likely objective of the hijack, which appears to be taking control of the aircraft. I believe it is far more rational that the transponder and Acars were disabled by human hand, as it is far simpler to do than a cyber attack, and it guarantees these systems are actually disabled, and then remain disabled indefinitely. The human disablement is given further credence when you consider control of the aircraft had been achieved by the attacker or attackers, as control of the aircraft is proven by the radical course change.

Could the aircraft be remote controlled due to a Cyber Attack?

A Boeing 777 cannot be remotely flown from the ground as far as anyone is aware, but we cannot rule out the possibility that someone sat in the cabin could use a laptop or mobile phone to infiltrate the aircraft’s computer systems and take control of the aircraft.

A sophisticated fly-by-wire Boeing 777 is reliant on its computer systems to fly, and can fly completely unaided through the autopilot. Attacking the aircraft’s computer systems and changing the autopilot settings is a possibility, however the problem I have with this theory is that autopilot can be overridden by the pilot and co-pilot from within the cockpit. It is very unlikely a hack could lock out the pilot controls and prevent the pilot from radioing such a situation to air traffic controllers.

The most plausible explanation is usually the simplest, namely the aircraft is physically controlled by whoever is sat in the cockpit. If you have a technical theory on how such attacks could work, please post in the comments as I would be very interested to learn how it could be done, but please go beyond just mentioning PlaneSploit, and describe how such tools could be used to lock the pilot out from the aircraft controls.

Conclusion

In my view, based on the current evidence, I believe we are looking at a sophisticated plane hijack, by a person or persons who have a high degree of expertise in aviation, not cyber security. Although the investigation should not rule out a cyber attack element, I think it is far more plausible to switch off the aircraft tracking and to take control of the aircraft from sitting within the cockpit, than sitting in the cabin with a laptop or mobile phone. We’ll see if my speculation at this time of posting is correct or not over the coming days and weeks, or perhaps even months or years, but let's not give up hope for a positive outcome for the many involved.
